Cart
[Home] [By Thread] [By Date] [Recent Entries]
More fun with the protocol:
This also seems to work :D (on Chromium Linux)
<?php
header("Refresh: 0;javascript:alert('Yo!')");
?>
So you can run javascript inyecting something in the headers.
Practical if you need a proxy to run something on all webpages.
On 23 February 2012 13:37, Tei <oscar.vives@g...> wrote:
> Protocols are fun :D
>
>
> Some dude HTML page withouth HTML:
> http://css-tricks.com/using-css-without-html/
>
>
> My PHP script that returns a page in TXT and HTML (perhaps a way to
> download a webpage that include images in parts of the multipart mime
> document):
>
> <?php
>
> header("Subject: Test multipart");
> header("MIME-Version: 1.0");
> header("Content-type: multipart/x-mixed-replace; boundary=xstringx");
>
> ?>
> --xstringx
> Content-type: text/xml; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> <xml>Sample Text Content</xml>
>
> --xstringx
> Content-type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> <html>
> <head>
> </head>
> <body>
> <div style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Sample HTML =
> <b>C</b>ontent</div>
> </body>
> </html>
> --xstringx
>
>
>
> On 23 February 2012 12:35, Pete Cordell <petexmldev@c...> wrote:
>> I know this is an old thread (and this is not really the right list for a
>> detailed discussion on this topic), but I did some musings on what would be
>> involved to doing digest style authentication of password data in HTML form
>> data. Â I've written a quick blog post up on it and to me it seems quite
>> doable.
>>
>> Have a read at: http://codalogic.com/blogs/pete/?p=376
>>
>> Thanks for your indulgence!
>>
>>
>> Pete Cordell
>> Codalogic Ltd
>> Interface XML to C++ the easy way using C++ XML
>> data binding to convert XSD schemas to C++ classes.
>> Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com
>> for more info
>> ----- Original Message ----- From: "Pete Cordell" <petexmldev@c...>
>> To: "Greg Hunt" <greg@f...>
>> Cc: "xml-dev" <xml-dev@l...>
>> Sent: Monday, January 30, 2012 1:52 PM
>>
>> Subject: Re: RE: Encoding charset of HTTP Basic Authentication
>>
>>
>>> I'm surprised I'm in a minority of one on this. Â I've snipped out lots of
>>> comments in a reply, but my basic position is that we shouldn't be adopting
>>> a "buyer beware" position when it comes to handling passwords when we know
>>> there are better ways to do it, and we have known that for the best part of
>>> a decade.
>>>
>>> The upside of this is that I will be delving into my server configs and
>>> changing them to use Digest if I can. Â So I'm pleased that the topic has
>>> been raised from that point of view.
>>>
>>> A quick question before I do though, does Digest require the server to
>>> have access to the password in clear text form, whereas Basic allows the
>>> server to store the password in some hashed form?
>>>
>>> Thanks,
>>>
>>> Pete Cordell
>>> Codalogic Ltd
>>> Interface XML to C++ the easy way using C++ XML
>>> data binding to convert XSD schemas to C++ classes.
>>> Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com
>>> for more info
>>> ----- Original Message ----- From: "Greg Hunt" <greg@f...>
>>> To: "Pete Cordell" <petexmldev@c...>
>>> Cc: "xml-dev" <xml-dev@l...>
>>> Sent: Monday, January 30, 2012 11:29 AM
>>> Subject: Re: RE: Encoding charset of HTTP Basic Authentication
>>>
>>>
>>>> Surely most of us here get paid to know how things work and what their
>>>> strengths and weaknesses are. Â The level of knowledge is sadly lower than
>>>> it should be, but to paraphrase you, thats no excuse. Â I don't think that
>>>> digest was part of HTTP 1.0 and retiring standards is difficult.
>>>>
> ...
>
>
> --
> --
> â±in del â³ensaje.
--
--
â±in del â³ensaje.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
